The Background

Large national corporations and single person businesses alike turn to IT consultant Gigabit Geek to help streamline their operations. Managed services range from trainings about new software devices and technology trends through complete overhauls of antiquated technologies. But what happened to Gigabit Geek when knowledge alone wasn’t enough and it was hit with what’s being called one of the biggest digital threats facing businesses today – ransomware?

The situation seemed harmless at first. “We had a user report that they were missing a file,” shared Luke Skibba, IT Administrator at Gigabit Geek. “We didn’t think much of it at the time, and simply restored it. But, over the next few hours, we received reports of missing files from other users across several offices,” continued Skibba. What Gigabit Geek soon realized was that one of its users had been hit with Cryptowall.

This particular family of ransomware encrypts the files on a victim’s computer and keeps them locked until the victim pays a set ransom. It’s like arriving at your office one day to find all of your computers padlocked, and a man in a mask demanding $5,000 per user to give you the key. If you don’t pay, you’ll lose the files forever.

What Gigabit Geek didn’t realize at the time was that impacted files were being blocked from syncing back to the cloud. Rather, the files were seen by other users of the shared folders as deleted. By the time the infected device and cause had been identified, the impact was massive. “Ninety percent of our files were encrypted by the virus. It impacted every user in our whole company,” said Skibba.

Industry: Managed technology service provider

Headquarters: Waukegan, Illinois

Intermedia’s customer since: 2015

The Road to Recovery

“One of the biggest pain points for any company is downtime, and ransomware is a huge offender,” said Skibba. An Intermedia survey on ransomware’s impact revealed that 72 percent of infected business users lost access to data for at least two days, and 32 percent lost access for five days or more. These findings are in line with Gigabit Geek’s experience.

Skibba explained the attack’s effect on day-to-day business operations. "We were able to wipe the infected device and restore access to the cloud within about a day, but the time to fully recover from the breach was extensive. In this case, we determined that the quickest way to recover the deleted files was through manual restores – 2-3 Terabytes of data in total. It was a slow process, taking two full weeks to complete."

The Resolution

If your company gets infected, you face two very hard choices: either spend multiple days recovering the locked files from backups—during which time you’ll endure user downtime, lost sales and angry customers—or pay ransom to an organized crime syndicate. Even if you pay the ransom, downtime is inevitable as IT contains the virus and restores the infected device.

With SecuriSync by Intermedia, Gigabit Geek was able to greatly simplify the restoration process. “This was one of the easiest restore experiences I’ve had. Intermedia’s support and SecuriSync transformed a nightmare data loss situation into a simple inconvenience,” Skibba declared.

We had 90% of our files be encrypted. This ransomware attack impacted every user in our whole company

Mitigating the Risk

The threat of ransomware is rapidly growing. According to Intermedia’s report, 43 percent of IT consultants have had their customers fall victim to ransomware. Forty-eight percent saw an increase in ransomware-related support inquiries and 59 percent of respondents expect the number of attacks to increase this year.

Skibba states, “We aren’t a behemoth organization and we weren’t putting up any red flags that would make us a special target. Ransomware criminals are broadening their attacks and we’re all at risk.”

To further mitigate this growing disruption, SecuriSync serves as a business continuity solution for cyber threats, letting impacted users continue working during an outbreak. This is achieved by 1) allowing instant role back to clean files and 2) giving immediate access to those documents from alternate devices. Ransomware has been so lucrative for criminals because these two capabilities have never before been present in a single product until now.

“With these SecuriSync features in place, we’ll be able to recover impacted files and return to operations in just minutes instead of weeks. Giving users the power to get back up and running quickly without paying the ransom will change the game of fighting ransomware,” declares Skibba.

Skibba shares these final words of warning with businesses. "You simply cannot take an ‘it will never happen to us’ attitude. There is no protection against this kind of ransomware other than effective backup. Once you get hit with the ransom pop-up, it’s usually already too late to contain the threat. The ability to determine when a virus hit and roll back impacted files to a desired moment in time is invaluable. SecuriSync has been my saving grace. All companies must make SecuriSync a foundational part of their business continuity plans. Flip the switch and get protected."

Intermedia Unite, SecuriSync, VoIP Scout, AnyMeeting and HostPilot are either trademarks or registered trademarks of Intermedia.net, Inc. in the United States and/or other countries. J.D. Power 2017 Certified Assisted Technical Program, developed in conjunction with TSIA. Based on successful completion of an audit and exceeding a customer satisfaction benchmark for assisted support operations. For more information, visit www.jdpower.com or www.tsia.com.